From b25d821c79cf9a472be525b851b7150967cd424164d1a6fcdbe5492deabce83e Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger
Date: Tue, 14 Feb 2023 12:06:18 +0000
Subject: [PATCH] Accepting request 1065422 from GNOME:Next
OBS-URL: https://build.opensuse.org/request/show/1065422
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/harfbuzz?expand=0&rev=229
---
 harfbuzz-6.0.0.tar.xz | 3 ---
 harfbuzz-7.0.0.tar.xz | 3 +++
 harfbuzz-CVE-2023-25193.patch | 31 -------------------------------
 harfbuzz.changes | 26 ++++++++++++++++++++++++++
 harfbuzz.spec | 19 +++++++++++++++----
 5 files changed, 44 insertions(+), 38 deletions(-)
 delete mode 100644 harfbuzz-6.0.0.tar.xz
 create mode 100644 harfbuzz-7.0.0.tar.xz
 delete mode 100644 harfbuzz-CVE-2023-25193.patch
diff --git a/harfbuzz-6.0.0.tar.xz b/harfbuzz-6.0.0.tar.xz
deleted file mode 100644
index 4dd82b6..0000000
--- a/harfbuzz-6.0.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1d1010a1751d076d5291e433c138502a794d679a7498d1268ee21e2d4a140eb4
-size 18952524
diff --git a/harfbuzz-7.0.0.tar.xz b/harfbuzz-7.0.0.tar.xz
new file mode 100644
index 0000000..599cb21
--- /dev/null
+++ b/harfbuzz-7.0.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7b4685b7066c5c6b8dc6cd7b02f63c554fb8cc1c4ddcfc44bc284efa3c20cf28
+size 18555728
diff --git a/harfbuzz-CVE-2023-25193.patch b/harfbuzz-CVE-2023-25193.patch
deleted file mode 100644
index 735b326..0000000
--- a/harfbuzz-CVE-2023-25193.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 85be877925ddbf34f74a1229f3ca1716bb6170dc Mon Sep 17 00:00:00 2001
-From: Behdad Esfahbod
-Date: Wed, 1 Feb 2023 20:00:43 -0700
-Subject: [PATCH] [layout] Limit how far we skip when looking back
-
-See comments.
----
- src/hb-ot-layout-gsubgpos.hh | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
-index bf74672a1..8ca691805 100644
---- a/src/hb-ot-layout-gsubgpos.hh
-+++ b/src/hb-ot-layout-gsubgpos.hh
-@@ -578,6 +578,13 @@ struct hb_ot_apply_context_t :
- unsigned stop = num_items - 1;
- if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
- stop = 1 - 1;
-+
-+ /* When looking back, limit how far we search; this function is mostly
-+ * used for looking back for base glyphs when attaching marks. If we
-+ * don't limit, we can get O(n^2) behavior where n is the number of
-+ * consecutive marks. */
-+ stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
-+
- while (idx > stop)
- {
- idx--;
---
-2.39.0
-
diff --git a/harfbuzz.changes b/harfbuzz.changes
index 98a4494..4fd6329 100644
--- a/harfbuzz.changes
+++ b/harfbuzz.changes
@@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Sun Feb 12 08:51:43 UTC 2023 - Andreas Stieger + +- Update to version 7.0.0: + + New hb-paint API that is designed mainly to paint COLRv1 glyphs, + but can be also used as a unified API to paint any of the glyph + representations supported by HarfBuzz (B/W outlines, color + layers, or color bitmaps). + + New hb-cairo API for integrating with cairo graphics library. + This is provided as a separate harfbuzz-cairo library. + + Support for instancing CFF2 table + + Support font emboldening + + Support feature ranges with AAT shaping + + Experimental support to cubic curves in glyf table + + Various subsetter improvements + + Various documentation improvements + + Significantly reduced memory use during shaping + + Greatly reduced memory use during subsetting CFF table + + New command line utility, hb-info, for querying various font + information + + New hb-shape/hb-view options: --glyphs, --color-palette, + --font-bold, --font-grade, and --named-instance + + Miscellaneous fixes and improvements +- harfbuzz-CVE-2023-25193.patch dropped in favor of upstream + consensus fix + ------------------------------------------------------------------- Mon Feb 6 17:11:49 UTC 2023 - Michael Gorse diff --git a/harfbuzz.spec b/harfbuzz.spec index 8e33d15..a9d32bd 100644 --- a/harfbuzz.spec +++ b/harfbuzz.spec @@ -17,15 +17,13 @@ Name: harfbuzz -Version: 6.0.0 +Version: 7.0.0 Release: 0 Summary: An OpenType text shaping engine License: MIT URL: https://www.freedesktop.org/wiki/Software/HarfBuzz Source0: https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/%{name}-%{version}.tar.xz Source99: baselibs.conf -# PATCH-FIX-UPSTREAM harfbuzz-CVE-2023-25193.patch boo#1207922 mgorse@suse.com -- limit how far we skip when looking back. -Patch0: harfbuzz-CVE-2023-25193.patch BuildRequires: c++_compiler BuildRequires: c_compiler BuildRequires: meson 
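Review bot: Dropping `Patch0: harfbuzz-CVE-2023-25193.patch` in the same harfbuzz.spec hunk as the `Version: 7.0.0` bump leaves nothing on this page that shows the new tarball still bounds the look-back the removed patch added (`stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);`). The tarball is only a git-lfs pointer here, so the equivalent limit has to be confirmed in the 7.0.0 sources of src/hb-ot-layout-gsubgpos.hh before the patch is dropped. The removed `# PATCH-FIX-UPSTREAM` comment was also the only visible place that tied the fix to boo#1207922, and the new changelog entry does not carry that reference over. I would word the entry as `- harfbuzz-CVE-2023-25193.patch dropped in favor of upstream consensus fix (boo#1207922, CVE-2023-25193)` so the bug and CVE stay traceable from the package history.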
@@ -50,6 +48,13 @@ Summary: An OpenType text shaping engine %description -n libharfbuzz0 HarfBuzz is an OpenType text shaping engine. +%package -n libharfbuzz-cairo0 +Summary: Cairo integration into the HarfBuzz OpenType text shaping engine + +%description -n libharfbuzz-cairo0 +HarfBuzz is an OpenType text shaping engine. +This package contains the Cairo library. + %package -n libharfbuzz-icu0 Summary: ICU integration into the HarfBuzz OpenType text shaping engine @@ -116,6 +121,7 @@ This package contains the development files. %meson_install %ldconfig_scriptlets -n libharfbuzz0 +%ldconfig_scriptlets -n libharfbuzz-cairo0 %ldconfig_scriptlets -n libharfbuzz-icu0 %ldconfig_scriptlets -n libharfbuzz-gobject0 %ldconfig_scriptlets -n libharfbuzz-subset0 @@ -125,6 +131,9 @@ This package contains the development files. %doc NEWS %{_libdir}/libharfbuzz.so.0* +%files -n libharfbuzz-cairo0 +%{_libdir}/libharfbuzz-cairo.so.0* + %files -n libharfbuzz-icu0 %{_libdir}/libharfbuzz-icu.so.0* @@ -138,16 +147,18 @@ This package contains the development files. %{_libdir}/girepository-1.0/HarfBuzz-0.0.typelib %files tools +%{_bindir}/hb-info %{_bindir}/hb-ot-shape-closure %{_bindir}/hb-shape -%{_bindir}/hb-view %{_bindir}/hb-subset +%{_bindir}/hb-view %files devel %doc AUTHORS README THANKS %{_includedir}/harfbuzz/ %{_libdir}/*.so %{_libdir}/pkgconfig/harfbuzz.pc +%{_libdir}/pkgconfig/harfbuzz-cairo.pc %{_libdir}/pkgconfig/harfbuzz-icu.pc %{_libdir}/pkgconfig/harfbuzz-gobject.pc %{_libdir}/pkgconfig/harfbuzz-subset.pc
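Review bot: The last hunk adds `%{_libdir}/pkgconfig/harfbuzz-cairo.pc` to `%files devel`, and the existing `%{_libdir}/*.so` glob will presumably also pick up the libharfbuzz-cairo.so link, yet no hunk in this diff touches the devel package's `Requires` lines. That section is outside the hunks, so this is inferred: if devel lists its runtime libraries explicitly, it needs `Requires: libharfbuzz-cairo0 = %{version}` alongside the others. Without it, installing harfbuzz-devel alone would leave a dangling symlink and a .pc file that points at a library that is not installed.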